spf-discuss
[Top] [All Lists]

Re: Re: SPF implementations

2005-08-16 02:14:59
"Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com> writes:

[RFC2821, section 7.1, Mail Security and Spoofing]

   Efforts to make it more difficult for users to set envelope return
   path and header "From" fields to point to valid addresses other than
   their own are largely misguided: they frustrate legitimate
   applications in which mail is sent by one user on behalf of another
   or in which error (or normal) replies should be directed to a special
   address.  (Systems that provide convenient ways for users to alter
   these fields on a per-message basis should attempt to establish a
   primary and permanent mailbox address for the user so that Sender
   fields within the message data can be generated sensibly.)

----------------------------

Needless to say, I think the above is misguided.  People should not forge
identities, even if the use is benign.

I would disagree. I suspect that it is common for 'role' addresses to
be aliased to a personal address, often with the same person receiving
more than one 'role' address. If user(_at_)example(_dot_)com receives mail for
postmaster(_at_)example(_dot_)com and abuse(_at_)example(_dot_)com, they may 
well want
replies to mails sent to those addresses to show the appropriate
'role' account rather than user(_at_)example(_dot_)com(_dot_)


<Prev in Thread] Current Thread [Next in Thread>